Test open ports

Mike Mimic

Hi!

I would like to know if user of my service is coming via
proxy. I know about those proxy headers but I would like to
make one more test. Test if common proxy ports are open
on user's address. Is there a way for this without opening
a whole TCP connection (socket connect, close)?


Mike
 
Anno Siegel

Mike Mimic said:
> Hi!
>
> I would like to know if user of my service is coming via
> proxy. I know about those proxy headers but I would like to
> make one more test. Test if common proxy ports are open
> on user's address. Is there a way for this without opening
> a whole TCP connection (socket connect, close)?

Why are you asking this on a Perl group?

Anno
 
Uri Guttman

MM> Hi!
MM> Because my program is in Perl.

and you didn't say that. and you didn't ask a perl question. and even if
your program is in perl doesn't make this the proper group for it. what
if your program were in another language? you would still have the same
problem figuring out whatever it is that you need (the description is
gibberish). so that means the problem is language independent and not a
perl related one.

so either post some perl code you need help with, ask a perl specific
question or post this elsewhere where it belongs.

uri
 
Walter Roberson

:I would like to know if user of my service is coming via
:proxy. I know about those proxy headers but I would like to
:make one more test. Test if common proxy ports are open
:on user's address. Is there a way for this without opening
:a whole TCP connection (socket connect, close)?

That doesn't sound like a perl question: that sounds like something
more suitable for comp.security.misc .

I suggest that you see the documentation for the POSIX 'sendto'
routine -- that and I suggest you look carefully at the methods used
by Fyodor's "nmap" program.
 
Walter Roberson

|In article <[email protected]>,

|:Is there a way for this without opening
|:a whole TCP connection (socket connect, close)?

|by Fyodor's "nmap" program.

I neglected to mention that most of the alternatives to forming a
complete connection require "root" access on unix systems, in order
to have the permission to send out the specially crafted packets that
are needed.
 
gnari

Mike Mimic said:
> Hi!
>
> Because my program is in Perl.

then, if you have the non-perl answer (how
to detect if user is coming via proxy), tell us what it is,
and we might help you implement it with perl.

when you do that, maybe a few more details would
help, like what do you mean by 'service'?

gnari
 
Cyde Weys

Mike Mimic wrote:

> I would like to know if user of my service is coming via
> proxy. I know about those proxy headers but I would like to
> make one more test. Test if common proxy ports are open
> on user's address. Is there a way for this without opening
> a whole TCP connection (socket connect, close)?


nmap -sS offending.ip.address

Wrong newsgroup though.
 
Cyde Weys

Walter Roberson wrote:

> I neglected to mention that most of the alternatives to forming a
> complete connection require "root" access on unix systems, in order
> to have the permission to send out the specially crafted packets that
> are needed.

If you compile nmap yourself it's pretty easy to change the code so that
you don't need root access. I think the point of limiting it to root
access by default is so that on a multi-user system non-root users can't
use the advanced stealth options.

Or am I totally wrong here and there's an actual reason you need to be
root to send specific types of packet that is related to the kernel, not
to the nmap?
 
Walter Roberson

:> I neglected to mention that most of the alternatives to forming a
:> complete connection require "root" access on unix systems, in order
:> to have the permission to send out the specially crafted packets that
:> are needed.

:If you compile nmap yourself it's pretty easy to change the code so that
:you don't need root access.

:Or am I totally wrong here and there's an actual reason you need to be
:root to send specific types of packet that is related to the kernel, not
:to the nmap?

In order to fill in some of the icmp or tcp header fields yourself,
you have to use RAW sockets, the use of which is restricted to root
on unix systems.

Also, because you are hand-crafting the packets rather than going
through the IP stack, the IP stack isn't necessarily going to be
able to deliver the SYN ACK or icmp refusals to you. In order to
get those packets, you have to use the SNOOP protocol -- which again
requires root on unix systems.
 
Mike Mimic

Hi!

> then, if you have the non-perl answer (how
> to detect if user is coming via proxy), tell us what it is,
> and we might help you implement it with perl.
>
> when you do that, maybe a few more details would
> help, like what do you mean by 'service'?

I have a Perl program which runs as a service (daemon) and
listens to incoming connections. And for security reasons
I would like to prevent connections through proxy.

I have found out that opening a whole connection to proxy
ports is efficient enough so there is no need for some
raw packets and I can use Perl's IO::Socket.

And I know that how to test for open ports is not a Perl
question but I did not know how to do it in Perl. How to
make a raw packet in Perl. This is what I wanted to know.
Sorry for a bad question.

But as I wrote I have solved the problem.

Thanks to all of you


Mike
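
The full-connect check Mike settles on above, sketched with IO::Socket::INET as an added example (not code from the thread). The port list, the function names and the loopback demo are assumptions; the demo probes a listener it opens itself, so it runs offline.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;

# Assumed list of "common proxy ports"; the thread does not name any.
my @PROXY_PORTS = (1080, 3128, 8080, 8888);

# Full TCP connect with a timeout. Returns 'open', 'closed' (connection
# refused) or 'no-answer' (timeout or other error, e.g. a filtered port).
sub probe_port {
    my ($host, $port, $timeout) = @_;
    my $sock = IO::Socket::INET->new(
        PeerAddr => $host, PeerPort => $port,
        Proto    => 'tcp', Timeout  => $timeout,
    );
    if ($sock) {
        close $sock;
        return 'open';
    }
    return $!{ECONNREFUSED} ? 'closed' : 'no-answer';
}

# Ports from @ports that accept a connection on $host.
sub open_ports {
    my ($host, $timeout, @ports) = @_;
    return grep { probe_port($host, $_, $timeout) eq 'open' } @ports;
}

# Constructed demo on loopback: one listener stands in for a proxy port,
# and a port that was bound and released stands in for a closed one.
sub local_listener {
    return IO::Socket::INET->new(
        LocalAddr => '127.0.0.1', LocalPort => 0,
        Listen    => 5,           Proto     => 'tcp',
    ) || die "cannot listen: $@";
}
my $listener    = local_listener();
my $open_port   = $listener->sockport;
my $released    = local_listener();
my $closed_port = $released->sockport;
close $released;

printf "port %d: %s\n", $_, probe_port('127.0.0.1', $_, 2)
    for $open_port, $closed_port;
my @hits = open_ports('127.0.0.1', 2, $open_port, $closed_port);
print "accepting connections: @hits\n";

# In the daemon, the same call would take the accepted client's address:
#   my @hits = open_ports($client->peerhost, 2, @PROXY_PORTS);
```

An open port only shows that something is listening on that address; it does not show that the client's connection was relayed through it, so a hit is a signal to weigh alongside the proxy headers rather than proof.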
 
James Willmore

> |In article <[email protected]>,
>
> |:Is there a way for this without opening
> |:a whole TCP connection (socket connect, close)?
>
> |by Fyodor's "nmap" program.
>
> I neglected to mention that most of the alternatives to forming a
> complete connection require "root" access on unix systems, in order
> to have the permission to send out the specially crafted packets that
> are needed.

And why don't you have 'root' access? And why do you want to do such a
thing when `netstat` works on both *NIX and Windows (XP and 2000 it does;
don't know about 98, ME, or the various versions of NT)?

HTH

--
Jim

Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.

a fortune quote ...
Prof: So the American government went to IBM to come up with a
data encryption standard and they came up with ... Student:
EBCDIC!"
 
James Willmore

> And why don't you have 'root' access? And why do you want to do such a
> thing when `netstat` works on both *NIX and Windows (XP and 2000 it does;
> don't know about 98, ME, or the various versions of NT)?

I replied wrongly, again - sorry :-(

My question for the OP is this - what are you trying to accomplish? If you
want to keep tabs on the users to see if they're running something they
shouldn't be running, then `nmap` would be the simple solution.

If you want to monitor traffic to/from the user's box, then ethereal may
fit the bill.

It seems to me that there are tools available out there to perform such
tasks.

I love using Perl, but I don't like to re-invent the wheel if I don't have
to :)

HOWEVER, if you are trying to audit by stealth using Perl, then you may
want to look over IO::Socket. I don't think it will do *exactly* what you
want to do, but it may give you a solid starting place. It's not an easy
task to scan for open ports *without* connecting to them - at least
programmatically (meaning, write code to do it). You have to play around
with the TCP header information in such a way that the client will let you
know a port is open, but have it *not* register on the client as having a
connection.

If you're interested in a good book on the subject, try Skoudis's "Counter
Hack", which gives an in depth discussion on various techniques on doing
what you propose.

HTH

--
Jim

Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.

a fortune quote ...
A citizen of America will cross the ocean to fight for democracy,
but won't cross the street to vote in a national election. --
Bill Vaughan
 
